I am trying to configure pam and/or nslcd to query an AD/LDAP server
when a user accesses a system via SSH using public key authentication.

I have successfully configured nslcd to query the AD/LDAP server and
filter on a specific group. Unfortunately it does not appear to apply
if the user is accessing the system using public key authentication. I
have attempted a number of different sshd pam configuration changes
and have added a pam_authz_search entry to nslcd.conf, but
unfortunately none appear to be getting used.

The way I've set this up is by storing the public key in the LDAP
database, and using the sshd_config AuthorizedKeysCommand to do a lookup
by username. That ignores any key in ~/.ssh/authorized_keys.

Is that what you're aiming for? I can add further details if so.

Note that that doesn't involve PAM at all (IIRC) -- it's the ssh daemon
that does the lookup and checks the key.
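The AuthorizedKeysCommand approach described in the reply above, worked through as an added example (this is not code from the post, and not part of nss-pam-ldapd). Everything directory-specific is an assumption for illustration: keys stored one per value in a multi-valued sshPublicKey attribute (openssh-lpk style), the login name in sAMAccountName, the group restriction the original poster asked about expressed as a memberOf clause in the search filter, and a hypothetical bind DN, password file and group DN. The example also goes slightly beyond the reply: it unfolds LDIF continuation lines (ldapsearch wraps long values such as keys at 76 columns), decodes base64 ("::") values, and refuses anything that is not a bare "type blob [comment]" line.

```shell
#!/bin/sh
# Added example, not code from the list post or from nss-pam-ldapd: an
# AuthorizedKeysCommand helper that fetches a user's SSH public keys from
# AD/LDAP, so sshd never consults ~/.ssh/authorized_keys for that user.
#
# Assumptions (hypothetical, adjust to your directory):
#   - keys live in the multi-valued attribute sshPublicKey, one per value
#   - the login name is in sAMAccountName
#   - only members of LDAP_GROUP may log in, expressed via memberOf
#   - LDAP_BINDDN / LDAP_PASSFILE exist and may read sshPublicKey
#
# Matching sshd_config lines (also an assumption about your layout):
#   AuthorizedKeysCommand /usr/local/sbin/ldap-authorized-keys %u
#   AuthorizedKeysCommandUser nobody
# sshd refuses to run the command unless the file is owned by root and
# not writable by group or others.

LDAP_URI="${LDAP_URI:-ldaps://ad.example.com}"
LDAP_BASE="${LDAP_BASE:-DC=example,DC=com}"
LDAP_GROUP="${LDAP_GROUP:-CN=ssh-users,OU=Groups,DC=example,DC=com}"
LDAP_BINDDN="${LDAP_BINDDN:-CN=sshkeys,OU=Service,DC=example,DC=com}"
LDAP_PASSFILE="${LDAP_PASSFILE:-/etc/ssh/ldap-bind.pw}"
KEY_ATTR="sshPublicKey"

# Escape the characters RFC 4515 reserves in a filter value, so a login
# name like 'x*)(objectClass=*' cannot change the meaning of the filter.
ldap_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                         -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Join LDIF continuation lines: a value folded at 76 columns continues on
# the next line with a single leading space. Kept even though we pass
# "-o ldif-wrap=no" to ldapsearch, so other LDIF sources work too.
ldif_unfold() {
  awk '
    /^ /  { buf = buf substr($0, 2); next }
          { if (buf != "") print buf; buf = $0 }
    END   { if (buf != "") print buf }
  '
}

# Accept only a single-line "<type> <blob> [comment]" value. This drops
# non-key attribute values and, deliberately, anything carrying
# authorized_keys options (command=, environment=, ...) that someone with
# write access to the directory attribute could otherwise plant.
is_plain_key() {
  nl='
'
  case "$1" in *"$nl"*) return 1 ;; esac      # no embedded newlines
  case "$1" in *" "*) ;; *) return 1 ;; esac   # needs a second field
  [ -n "${1#* }" ] || return 1                 # ... that is non-empty
  case "${1%% *}" in
    ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) return 0 ;;
    sk-ssh-ed25519@openssh.com|sk-ecdsa-sha2-nistp256@openssh.com) return 0 ;;
  esac
  return 1
}

# Read LDIF (as produced by "ldapsearch -LLL") on stdin and print one
# authorized_keys line per acceptable KEY_ATTR value. "attr:: v" is the
# LDIF form for a base64-encoded value and is decoded first.
ldif_to_keys() {
  ldif_unfold | while IFS= read -r line; do
    case "$line" in
      "$KEY_ATTR:: "*) key=$(printf '%s' "${line#"$KEY_ATTR:: "}" | base64 -d) ;;
      "$KEY_ATTR: "*)  key=${line#"$KEY_ATTR: "} ;;
      *) continue ;;
    esac
    if is_plain_key "$key"; then
      printf '%s\n' "$key"
    fi
  done
}

# Look the user up over TLS, restricted to members of LDAP_GROUP.
fetch_keys() {
  user=$(ldap_escape "$1")
  ldapsearch -LLL -x -o ldif-wrap=no -H "$LDAP_URI" -b "$LDAP_BASE" \
      -D "$LDAP_BINDDN" -y "$LDAP_PASSFILE" \
      "(&(objectClass=user)(sAMAccountName=$user)(memberOf=$LDAP_GROUP))" \
      "$KEY_ATTR" | ldif_to_keys
}

# sshd passes the login name (%u) as the only argument.
if [ $# -eq 1 ]; then
  fetch_keys "$1"
fi
```

Two things worth knowing when deploying something like this: sshd only runs AuthorizedKeysCommand for accounts that resolve through NSS, so nslcd (or whatever supplies the passwd entry) is still needed even though PAM plays no part in key authentication; and rejecting option-prefixed values is a choice, not a requirement, but it means nobody who can edit the directory attribute can attach a forced command or environment to a login.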

This archive was generated using mhonarc on Mon Jun 01 04:04:34 2020.